Be wary of disguised Microsoft OneNote Audio phishing emails
Online scammers are trying to create more sophisticated and unpredictable methods to convince victims to provide them with login information and other valuable personal data. The case below is a typical example.
This new phishing campaign involves OneNote Audio Note, which has just been deployed worldwide and has begun to "welcome" the first victims. Specifically, this phishing campaign appears as an email to the target with the subject "New Audio Note Received" (roughly translated: You have received a new audio note), with the content announcing that you received a new audio message, sent from a contact in the address book. However, to listen to the message content, you will have to click on the link that is available below - that's the malicious link.
- Facebook's Libra electronic currency has not yet set a launch date but scam tricks are ready
Phishing email content
There is a noticeable feature: fraudulent scammers now often add footer notes that indicate this email is absolutely safe because it has been scanned by security software. For example, in this case, the hacker said that the email was "Scanned by McAfee Ultimate 2019 exclusive antivirus service for Microsoft" (Scanned by McAfee Ultimate 2019 Antivirus Scanning Service for Microsoft).
Also, this note will make the email more 'professional', easily fooling inexperienced people.
When you click on the "Listen to full message here" link (in case the device is connected to the internet), you will immediately be directed to the fake OneNote Online page, hosted on Sharepoint.com server. This page again reports that you have a new audio message (You have a new audio message), and then prompts you to click on another link to hear the message.
- The winning scam from Google: 'The cat game' for the vigilant, 'tragic' for those who are light-hearted
OneNote fake online page
When clicking on the link to listen to Audio Note, you will continue to be taken to another Sharepoint.com hosting site (currently disabled). Now is the time when this phishing trick is actually 'visible', you will be prompted to sign in with your Microsoft account to listen to the message. And of course if you follow, all your Microsoft account login information will fall into the hands of hackers.
This fake page may look similar to the image below, often used by various phishing scams, accurately simulating the interface of Microsoft services login pages like OneNote, Office 365 and Outlook. If you don't pay close attention, you'll be fooled and assume that this is Microsoft's "genuine" login page.
- New Android Trojans lead users to phishing websites by notification on the application
The fake Microsoft account login page
The phishing pages mentioned above are stored on Sharepoint.com server, so they will also come with a legitimate certificate from Microsoft. This detail helps them become more reliable in the victim's eyes.
Microsoft fake certificate
In general, this form of fraud has been more sophisticated, but is not new in nature. Even so, it will still be dangerous for ordinary users who don't have much knowledge about security.
- Warning: Accessing the personal page of a comment about a scam can be robbed of a Facebook nick
For Microsoft accounts and Outlook.com login information, there is an important thing to remember: Microsoft login forms will only be available on legitimate domains like microsoft.com, live.com. , microsoftonline.com and outlook.com. If you are provided with a Microsoft login form but originating from any other URL, it is best to avoid it because it is more likely to be a phishing site, designed to collect victim login information. multiply.
You should read it
- Identify popular online scams so as not to lose money unfairly
- Warning: Phishing attacks targeting Microsoft Teams show signs of sharp increase
- 7 forms of fraud, popular online fraud
- How to identify phishing emails
- 25% of 'over-the-counter' phishing emails are the default security of Office 365
- Apple shows users how to distinguish phishing emails from the App Store
- [Infographic] How to recognize and prevent Phishing attacks
- Google wants to test user knowledge about phishing emails
- How to report phishing emails in Outlook.com
- Microsoft shows how to avoid trapping phishing
- Outlook on Android is about to add phishing email feature
- How Phishing works
Maybe you are interested
What is Microsoft Azure Certification?
Cybercriminals are using Microsoft Teams calls to commit fraud
Microsoft officially supports sharing files from iPhone to Windows using Phone Link application
Microsoft 365 Android PDF Viewer shows ads, even with subscription
10 Useful Table Formatting Tips in Microsoft Word
Here's everything Microsoft knows about your PC!